Refactor ds:KeyValue

tvdijen · tvdijen · commit b6cf4e845158 · 2025-06-09T16:42:58.000+02:00
diff --git a/src/XML/ds/KeyValue.php b/src/XML/ds/KeyValue.php
@@ -6,14 +6,20 @@
 
 use DOMElement;
 use SimpleSAML\Assert\Assert;
-use SimpleSAML\XML\ElementInterface;
+use SimpleSAML\XML\Chunk;
 use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\Exception\SchemaViolationException;
 use SimpleSAML\XML\Exception\TooManyElementsException;
 use SimpleSAML\XML\ExtendableElementTrait;
 use SimpleSAML\XML\SchemaValidatableElementInterface;
 use SimpleSAML\XML\SchemaValidatableElementTrait;
+use SimpleSAML\XML\SerializableElementInterface;
 use SimpleSAML\XML\XsNamespace as NS;
+use SimpleSAML\XMLSecurity\Constants as C;
+use SimpleSAML\XMLSecurity\XML\dsig11\ECKeyValue;
+
+use function array_merge;
+use function array_pop;
 
 /**
  * Class representing a ds:KeyValue element.
@@ -22,7 +28,11 @@
  */
 final class KeyValue extends AbstractDsElement implements SchemaValidatableElementInterface
 {
-    use ExtendableElementTrait;
+    use ExtendableElementTrait {
+        // We use our own getter instead of the trait's one
+        getElements as private;
+        setElements as private;
+    }
     use SchemaValidatableElementTrait;
 
 
@@ -33,33 +43,41 @@ final class KeyValue extends AbstractDsElement implements SchemaValidatableEleme
     /**
      * Initialize an KeyValue.
      *
-     * @param \SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue|null $RSAKeyValue
-     * @param \SimpleSAML\XML\SerializableElementInterface|null $element
+     * @param \SimpleSAML\XML\SerializableElementInterface $keyValue
      */
     final public function __construct(
-        protected ?RSAKeyValue $RSAKeyValue,
-        ?ElementInterface $element = null,
+        protected RSAKeyValue|DSAKeyValue|ECKeyValue|SerializableElementInterface $keyValue,
     ) {
-        Assert::false(
-            is_null($RSAKeyValue) && is_null($element),
-            'A <ds:KeyValue> requires either a RSAKeyValue or an element in namespace ##other',
-            SchemaViolationException::class,
-        );
-
-        if ($element !== null) {
-            $this->setElements([$element]);
+        if (!(
+            $keyValue instanceof RSAKeyValue
+            || $keyValue instanceof DSAKeyValue
+            || $keyValue instanceof ECKeyValue
+        )) {
+            Assert::true(
+                (
+                    ($keyValue instanceof Chunk)
+                    ? $keyValue->getNamespaceURI()
+                    : $keyValue::getNameSpaceURI()
+                ) !== C::NS_XDSIG,
+                'A <ds:KeyValue> requires either a RSAKeyValue, DSAKeyValue, ECKeyValue '
+                . 'or an element in namespace ##other',
+                SchemaViolationException::class,
+            );
         }
     }
 
 
     /**
      * Collect the value of the RSAKeyValue-property
      *
-     * @return \SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue|null
+     * @return \SimpleSAML\XMLSecurity\XML\ds\RSAKeyValue|
+     *         \SimpleSAML\XMLSecurity\XML\ds\DSAKeyValue|
+     *         \SimpleSAML\XMLSecurity\XML\dsig11\ECKeyValue|
+     *         \SimpeSAML\XML\SerializableElementInterface
      */
-    public function getRSAKeyValue(): ?RSAKeyValue
+    public function getKeyValue(): RSAKeyValue|DSAKeyValue|ECKeyValue|SerializableElementInterface
     {
-        return $this->RSAKeyValue;
+        return $this->keyValue;
     }
 
 
@@ -77,23 +95,20 @@ public static function fromXML(DOMElement $xml): static
         Assert::same($xml->localName, 'KeyValue', InvalidDOMElementException::class);
         Assert::same($xml->namespaceURI, KeyValue::NS, InvalidDOMElementException::class);
 
-        $RSAKeyValue = RSAKeyValue::getChildrenOfClass($xml);
-        Assert::maxCount(
-            $RSAKeyValue,
-            1,
-            'A <ds:KeyValue> can contain exactly one <ds:RSAKeyValue>',
-            TooManyElementsException::class,
+        $keyValue = array_merge(
+            RSAKeyValue::getChildrenOfClass($xml),
+            DSAKeyValue::getChildrenOfClass($xml),
+            self::getChildElementsFromXML($xml),
         );
 
-        $elements = self::getChildElementsFromXML($xml);
-        Assert::maxCount(
-            $elements,
+        Assert::count(
+            $keyValue,
             1,
-            'A <ds:KeyValue> can contain exactly one element in namespace ##other',
+            'A <ds:KeyValue> must contain exactly one child element',
             TooManyElementsException::class,
         );
 
-        return new static(array_pop($RSAKeyValue), array_pop($elements));
+        return new static(array_pop($keyValue));
     }
 
 
@@ -107,13 +122,7 @@ public function toXML(?DOMElement $parent = null): DOMElement
     {
         $e = $this->instantiateParentElement($parent);
 
-        $this->getRSAKeyValue()?->toXML($e);
-
-        foreach ($this->elements as $elt) {
-            if (!$elt->isEmptyElement()) {
-                $elt->toXML($e);
-            }
-        }
+        $this->getKeyValue()->toXML($e);
 
         return $e;
     }
diff --git a/tests/XML/ds/KeyValueTest.php b/tests/XML/ds/KeyValueTest.php
@@ -70,9 +70,8 @@ public function testMarshalling(): void
     {
         $keyValue = new KeyValue(RSAKeyValue::fromXML(self::$rsaKeyValue->documentElement));
 
-        $rsaKeyValue = $keyValue->getRSAKeyValue();
+        $rsaKeyValue = $keyValue->getKeyValue();
         $this->assertInstanceOf(RSAKeyValue::class, $rsaKeyValue);
-        $this->assertEmpty($keyValue->getElements());
 
         $this->assertEquals($rsaKeyValue->getModulus()->getContent(), 'dGhpcyBpcyBzb21lIHJhbmRvbSBtb2R1bHVzCg==');
         $this->assertEquals($rsaKeyValue->getExponent()->getContent(), 'dGhpcyBpcyBzb21lIHJhbmRvbSBleHBvbmVudAo=');
@@ -88,13 +87,9 @@ public function testMarshalling(): void
      */
     public function testMarshallingWithOtherElement(): void
     {
-        $keyValue = new KeyValue(null, EncryptionProperty::fromXML(self::$encryptionProperty->documentElement));
+        $keyValue = new KeyValue(EncryptionProperty::fromXML(self::$encryptionProperty->documentElement));
 
-        $elements = $keyValue->getElements();
-        $this->assertEmpty($keyValue->getRSAKeyValue());
-        $this->assertCount(1, $elements);
-
-        $element = reset($elements);
+        $element = $keyValue->getKeyValue();
         $this->assertInstanceOf(EncryptionProperty::class, $element);
 
         $document = self::$empty;
@@ -104,19 +99,6 @@ public function testMarshallingWithOtherElement(): void
     }
 
 
-    /**
-     */
-    public function testMarshallingEmpty(): void
-    {
-        $this->expectException(SchemaViolationException::class);
-        $this->expectExceptionMessage(
-            'A <ds:KeyValue> requires either a RSAKeyValue or an element in namespace ##other',
-        );
-
-        new KeyValue(null, null);
-    }
-
-
     /**
      */
     public function testUnmarshallingWithOtherElement(): void
@@ -128,11 +110,7 @@ public function testUnmarshallingWithOtherElement(): void
 
         $keyValue = KeyValue::fromXML($document->documentElement);
 
-        $elements = $keyValue->getElements();
-        $this->assertNull($keyValue->getRSAKeyValue());
-        $this->assertCount(1, $elements);
-
-        $element = reset($elements);
+        $element = $keyValue->getKeyValue();
         $this->assertInstanceOf(EncryptionProperty::class, $element);
     }
 
@@ -145,7 +123,7 @@ public function testUnmarshallingEmpty(): void
 
         $this->expectException(SchemaViolationException::class);
         $this->expectExceptionMessage(
-            'A <ds:KeyValue> requires either a RSAKeyValue or an element in namespace ##other',
+            'A <ds:KeyValue> must contain exactly one child element',
         );
 
         KeyValue::fromXML($document->documentElement);
